[{"data":1,"prerenderedAt":869},["ShallowReactive",2],{"blog-\u002Fblog\u002F2024\u002F07\u002Fhow-to-setup-sso-ldap-for-the-node-red":3},{"id":4,"title":5,"body":6,"description":855,"extension":856,"meta":857,"navigation":864,"path":865,"seo":866,"stem":867,"__hash__":868},"blog\u002Fblog\u002F2024\u002F07\u002Fhow-to-setup-sso-ldap-for-the-node-red.md","How to Set Up SSO LDAP for Node-RED",{"type":7,"value":8,"toc":841},"minimark",[9,19,24,29,32,35,39,74,78,91,95,98,198,206,213,235,242,262,269,274,281,287,292,298,302,308,315,321,328,334,350,359,367,371,376,444,457,541,545,653,657,706,710,718,725,731,738,743,750,759,766,776,783,802,806,813,824,830,834,837],[10,11,12,13,18],"p",{},"A few days ago, we published a ",[14,15,17],"a",{"href":16},"\u002Fblog\u002F2024\u002F07\u002Fhow-to-setup-sso-saml-for-the-node-red\u002F","blog"," explaining SSO and how to set up SAML for your self-hosted FlowFuse. Now, in this guide, we will walk you through the process of setting up SSO with LDAP for your self-hosted FlowFuse. We will use OpenLDAP as the provider and cover everything from introducing LDAP, how it works, installing and configuring OpenLDAP, managing users (create, delete, update), and finally setting up FlowFuse for SSO with LDAP.",[20,21,23],"h2",{"id":22},"understanding-ldap-sso","Understanding LDAP SSO?",[25,26,28],"h3",{"id":27},"what-is-ldap","What is LDAP",[10,30,31],{},"LDAP (Lightweight Directory Access Protocol) is a protocol used to access and manage directory information. In the context of network administration, a directory service acts as a specialized database that stores and organizes information about users, devices, and other resources. Think of it as a digital phonebook for your network, allowing centralized management and efficient access to information.",[10,33,34],{},"LDAP enables applications and services to query, add, update, and delete directory entries stored on LDAP servers. It simplifies identity management by enabling easy authentication, authorization, and quick access to information across distributed systems.",[25,36,38],{"id":37},"how-ldap-sso-works","How LDAP SSO works",[40,41,42,50,56,62,68],"ol",{},[43,44,45,49],"li",{},[46,47,48],"strong",{},"User Authentication Request:"," A user attempts to access a service or application that requires authentication.",[43,51,52,55],{},[46,53,54],{},"SSO Initiation:"," The application forwards the authentication request to the Identity Provider (IdP) configured with LDAP, such as OpenLDAP.",[43,57,58,61],{},[46,59,60],{},"LDAP Authentication:"," The IdP (LDAP server) verifies the user's credentials against its directory.",[43,63,64,67],{},[46,65,66],{},"Authentication Response:"," If the credentials are valid, the LDAP server sends an authentication response (usually a token or assertion) back to the application.",[43,69,70,73],{},[46,71,72],{},"Access Granted:"," The application grants access to the user based on the authentication response received from the LDAP server.",[20,75,77],{"id":76},"setting-up-sso-ldap-for-flowfuse","Setting up SSO LDAP for FlowFuse",[10,79,80,81,85,86,90],{},"Before we proceed, ensure that FlowFuse is deployed on your server with an Enterprise license and you have ssh connection with it so that you can run commands on the server. If you haven't installed it yet, please check out our ",[14,82,84],{"href":83},"\u002Fdocs\u002Finstall\u002Fintroduction\u002F","documentation on installing FlowFuse"," or our blog on ",[14,87,89],{"href":88},"\u002Fblog\u002F2024\u002F07\u002Fdeploying-flowfuse-with-docker\u002F","deploying FlowFuse on Ubuntu with Docker",".",[25,92,94],{"id":93},"installing-and-configuring-openldap","Installing and Configuring OpenLDAP",[10,96,97],{},"Throughout this section, we will install and configure OpenLDAP on your Ubuntu server. Make sure to replace the commands and configs with your details. If you are using a different distribution, you can follow other resources available on the internet for installation and configuration, as well as managing of users.",[40,99,100,146,173,195],{},[43,101,102,103],{},"Set the hostname for your LDAP server:",[104,105,110],"pre",{"className":106,"code":107,"language":108,"meta":109,"style":109},"language-bash shiki shiki-themes github-light github-dark","hostnamectl set-hostname ldap.\u003Cyour-domain>.com\n","bash","",[111,112,113],"code",{"__ignoreMap":109},[114,115,118,122,126,129,133,136,140,143],"span",{"class":116,"line":117},"line",1,[114,119,121],{"class":120},"sScJk","hostnamectl",[114,123,125],{"class":124},"sZZnC"," set-hostname",[114,127,128],{"class":124}," ldap.",[114,130,132],{"class":131},"szBVR","\u003C",[114,134,135],{"class":124},"your-domai",[114,137,139],{"class":138},"sVt8B","n",[114,141,142],{"class":131},">",[114,144,145],{"class":124},".com\n",[43,147,148,149,152,153],{},"Add the server IP to ",[111,150,151],{},"\u002Fetc\u002Fhosts",":",[104,154,156],{"className":106,"code":155,"language":108,"meta":109,"style":109},"echo '\u003Cyour_server_ip> ldap.\u003Cyour-domain>.com' >> \u002Fetc\u002Fhosts\n",[111,157,158],{"__ignoreMap":109},[114,159,160,164,167,170],{"class":116,"line":117},[114,161,163],{"class":162},"sj4cs","echo",[114,165,166],{"class":124}," '\u003Cyour_server_ip> ldap.\u003Cyour-domain>.com'",[114,168,169],{"class":131}," >>",[114,171,172],{"class":124}," \u002Fetc\u002Fhosts\n",[43,174,175,176],{},"Install OpenLDAP and related utilities:",[104,177,179],{"className":106,"code":178,"language":108,"meta":109,"style":109},"apt install slapd ldap-utils\n",[111,180,181],{"__ignoreMap":109},[114,182,183,186,189,192],{"class":116,"line":117},[114,184,185],{"class":120},"apt",[114,187,188],{"class":124}," install",[114,190,191],{"class":124}," slapd",[114,193,194],{"class":124}," ldap-utils\n",[43,196,197],{},"Set an administrator password for LDAP during installation and confirm it in the next prompt.",[10,199,200],{},[201,202],"img",{"alt":203,"src":204,"title":205},"\"Screenshot of prompt asking to set the administrator password while installation\"","\u002Fblog\u002F2024\u002F07\u002Fimages\u002FLdap-Server-Admin-Password-Ubuntu.png","Screenshot of prompt asking to set the administrator password",[10,207,208],{},[201,209],{"alt":210,"src":211,"title":212},"\"Screenshot of prompt asking to conform the administrator password\"","\u002Fblog\u002F2024\u002F07\u002Fimages\u002FConfirm-Ldap-Admin-Passsword-Ubuntu.png","Screenshot of prompt asking to conform the administrator password",[40,214,216,232],{"start":215},5,[43,217,218,219],{},"Reconfigure the slapd package:",[104,220,222],{"className":106,"code":221,"language":108,"meta":109,"style":109},"dpkg-reconfigure slapd\n",[111,223,224],{"__ignoreMap":109},[114,225,226,229],{"class":116,"line":117},[114,227,228],{"class":120},"dpkg-reconfigure",[114,230,231],{"class":124}," slapd\n",[43,233,234],{},"When asked to omit server configuration, select ‘NO’",[10,236,237],{},[201,238],{"alt":239,"src":240,"title":241},"\"Screenshot of prompt asking to omit the server configuration\"","\u002Fblog\u002F2024\u002F07\u002Fimages\u002FCofiguring-slapd-ubuntu.png","Screenshot of prompt asking to omit the server configuration",[40,243,245],{"start":244},7,[43,246,247,248],{},"Configure the base DN (Distinguished Name) for your LDAP directory:",[249,250,251],"ul",{},[43,252,253,254,257,258,261],{},"Use your domain name to construct the base DN. For example, if your domain is ",[111,255,256],{},"my-flows.site",", the base DN would be ",[111,259,260],{},"dc=my-flows,dc=site"," and press 'ENTER' to confirm.",[10,263,264],{},[201,265],{"alt":266,"src":267,"title":268},"Screenshot of prompt asking to enter your domain to construct the base DN\"","\u002Fblog\u002F2024\u002F07\u002Fimages\u002Fprompt-for-domain.jpeg","Screenshot of prompt asking to enter your domain to construct the base DN",[249,270,271],{},[43,272,273],{},"Provide a name for your organization, which will also be part of the base DN and press 'Enter.'",[10,275,276],{},[201,277],{"alt":278,"src":279,"title":280},"\"Screenshot of prompt asking to enter your org name\"","\u002Fblog\u002F2024\u002F07\u002Fimages\u002Fprompt-for-org.jpeg","Screenshot of prompt asking to enter your org name",[40,282,284],{"start":283},9,[43,285,286],{},"Enter the Administrator password for your LDAP directory.",[10,288,289],{},[201,290],{"alt":291,"src":204,"title":205},"\"Screenshot of prompt asking to set the administrator password\"",[40,293,295],{"start":294},10,[43,296,297],{},"Confirm the password.",[10,299,300],{},[201,301],{"alt":210,"src":211,"title":212},[40,303,305],{"start":304},11,[43,306,307],{},"When asked to remove the database when slapd is purged, select ‘NO’.",[10,309,310],{},[201,311],{"alt":312,"src":313,"title":314},"\"Screenshot of the prompt asking to remove the database when slapd is purged\"","\u002Fblog\u002F2024\u002F07\u002Fimages\u002FDatabase-Removal-Slapd-Ubuntu.png","Screenshot of the prompt asking to remove the database when slapd is purged",[40,316,318],{"start":317},12,[43,319,320],{},"Select ‘Yes’ to remove the old database to create room for a new database.",[10,322,323],{},[201,324],{"alt":325,"src":326,"title":327},"\"Screenshot of the prompt asking to remove the old database\"","\u002Fblog\u002F2024\u002F07\u002Fimages\u002FSelect-Yes-Move-Old-Databases-Slapd-Ubuntu.png","Screenshot of the prompt asking to remove the old database",[40,329,331],{"start":330},13,[43,332,333],{},"Edit the main OpenLDAP configuration file:",[104,335,337],{"className":106,"code":336,"language":108,"meta":109,"style":109},"sudo nano \u002Fetc\u002Fldap\u002Fldap.conf\n",[111,338,339],{"__ignoreMap":109},[114,340,341,344,347],{"class":116,"line":117},[114,342,343],{"class":120},"sudo",[114,345,346],{"class":124}," nano",[114,348,349],{"class":124}," \u002Fetc\u002Fldap\u002Fldap.conf\n",[40,351,353],{"start":352},14,[43,354,355,356,358],{},"Uncomment the lines beginning with “BASE” and “URI”, for example, my domain is ",[111,357,256],{},", we have updated the file as below, but you have to update it according to your domain:",[104,360,365],{"className":361,"code":363,"language":364},[362],"language-text","BASE `dc=my-flows,dc=site.`\nURI `ldap:\u002F\u002Fldap.my-flows.site.`\n","text",[111,366,363],{"__ignoreMap":109},[25,368,370],{"id":369},"adding-updating-and-deleting-groups-and-users","Adding, Updating, and Deleting Groups and Users",[372,373,375],"h4",{"id":374},"adding-groups-and-users","Adding Groups and Users",[40,377,378,394,411,441],{},[43,379,380,381],{},"Create a file for the base groups and open the editor:",[104,382,384],{"className":106,"code":383,"language":108,"meta":109,"style":109},"nano groups.ldif\n",[111,385,386],{"__ignoreMap":109},[114,387,388,391],{"class":116,"line":117},[114,389,390],{"class":120},"nano",[114,392,393],{"class":124}," groups.ldif\n",[43,395,396,397,400,401,404,405],{},"Add the following content to ",[111,398,399],{},"groups.ldif",", which will create the ",[111,402,403],{},"users"," group, make sure when you create a new group the gidNumber and ou is unique:",[104,406,409],{"className":407,"code":408,"language":364},[362],"dn: ou=users,dc=my-flows,dc=site\nobjectClass: organizationalUnit\nou: users\ngidNumber: 7000\n",[111,410,408],{"__ignoreMap":109},[43,412,413,414],{},"Add the groups to the LDAP directory:",[104,415,417],{"className":106,"code":416,"language":108,"meta":109,"style":109},"ldapadd -x -D cn=admin,dc=my-flows,dc=site -W -f groups.ldif\n",[111,418,419],{"__ignoreMap":109},[114,420,421,424,427,430,433,436,439],{"class":116,"line":117},[114,422,423],{"class":120},"ldapadd",[114,425,426],{"class":162}," -x",[114,428,429],{"class":162}," -D",[114,431,432],{"class":124}," cn=admin,dc=my-flows,dc=site",[114,434,435],{"class":162}," -W",[114,437,438],{"class":162}," -f",[114,440,393],{"class":124},[43,442,443],{},"Create  a password for the user and store the encrypted password:",[104,445,447],{"className":106,"code":446,"language":108,"meta":109,"style":109},"Slappasswd -g\n",[111,448,449],{"__ignoreMap":109},[114,450,451,454],{"class":116,"line":117},[114,452,453],{"class":120},"Slappasswd",[114,455,456],{"class":162}," -g\n",[40,458,460,475,514,517],{"start":459},4,[43,461,462,463],{},"Create a file for the user:",[104,464,466],{"className":106,"code":465,"language":108,"meta":109,"style":109},"nano user.ldif\n",[111,467,468],{"__ignoreMap":109},[114,469,470,472],{"class":116,"line":117},[114,471,390],{"class":120},[114,473,474],{"class":124}," user.ldif\n",[43,476,477,478,481,482,481,485,488,489,488,492,495,496,499,500,503,504,507,508],{},"Add the following content to user.ldif. Replace the placeholders with actual values for ",[111,479,480],{},"uid",", ",[111,483,484],{},"sn",[111,486,487],{},"givenName",",",[111,490,491],{},"displayName",[111,493,494],{},"cn"," ,",[111,497,498],{},"gecos"," , ",[111,501,502],{},"homeDirectory",", and set userPassword to the password generated earlier. Ensure each user has a unique ",[111,505,506],{},"uidNumber",", and you can keep the gidNumber the same if users belong to the same primary group",[104,509,512],{"className":510,"code":511,"language":364},[362],"dn: uid=sumit,ou=users,dc=my-flows,dc=site\nobjectClass: inetOrgPerson\nobjectClass: posixAccount\nobjectClass: shadowAccount\nuid: sumit\nsn: shinde\ngivenName: sumit\ncn: sumit shinde\ndisplayName: sumit shinde\nuidNumber: 1000\ngidNumber: 7000\nuserPassword: {SSHA}uQVjd8MLaJ7AXEd\u002FgrqViuKnk9tNojdy\ngecos: sumit shinde\nloginShell: \u002Fbin\u002Fbash\nhomeDirectory: \u002Fhome\u002Fsumit\n",[111,513,511],{"__ignoreMap":109},[43,515,516],{},"Save and exit the configuration file.",[43,518,519,520],{},"Add the user to the LDAP directory:",[104,521,523],{"className":106,"code":522,"language":108,"meta":109,"style":109},"ldapadd -x -D cn=admin,dc=my-flows,dc=site -W -f user.ldif\n",[111,524,525],{"__ignoreMap":109},[114,526,527,529,531,533,535,537,539],{"class":116,"line":117},[114,528,423],{"class":120},[114,530,426],{"class":162},[114,532,429],{"class":162},[114,534,432],{"class":124},[114,536,435],{"class":162},[114,538,438],{"class":162},[114,540,474],{"class":124},[372,542,544],{"id":543},"updating-groups-and-users","Updating Groups and Users",[40,546,547,562,574,576,601,616,628,630],{},[43,548,549,550],{},"Create a file for the user update:",[104,551,553],{"className":106,"code":552,"language":108,"meta":109,"style":109},"nano user_update.ldif\n",[111,554,555],{"__ignoreMap":109},[114,556,557,559],{"class":116,"line":117},[114,558,390],{"class":120},[114,560,561],{"class":124}," user_update.ldif\n",[43,563,396,564,567,568],{},[111,565,566],{},"user_update.ldif"," to update the user's details (e.g., changing the display name):",[104,569,572],{"className":570,"code":571,"language":364},[362],"dn: uid=sumit,ou=users,dc=my-flows,dc=site\nchangetype: modify\nreplace: displayName\ndisplayName: Sumit Rupesh Shinde\n",[111,573,571],{"__ignoreMap":109},[43,575,516],{},[43,577,578,579],{},"Apply the update to the LDAP directory:",[104,580,582],{"className":106,"code":581,"language":108,"meta":109,"style":109},"ldapmodify -x -D cn=admin,dc=my-flows,dc=site -W -f user_update.ldif\n",[111,583,584],{"__ignoreMap":109},[114,585,586,589,591,593,595,597,599],{"class":116,"line":117},[114,587,588],{"class":120},"ldapmodify",[114,590,426],{"class":162},[114,592,429],{"class":162},[114,594,432],{"class":124},[114,596,435],{"class":162},[114,598,438],{"class":162},[114,600,561],{"class":124},[43,602,603,604],{},"Create a file for the group update:",[104,605,607],{"className":106,"code":606,"language":108,"meta":109,"style":109},"nano group_update.ldif\n",[111,608,609],{"__ignoreMap":109},[114,610,611,613],{"class":116,"line":117},[114,612,390],{"class":120},[114,614,615],{"class":124}," group_update.ldif\n",[43,617,396,618,621,622],{},[111,619,620],{},"group_update.ldif"," to update the group's details (e.g., changing the organizational unit name):",[104,623,626],{"className":624,"code":625,"language":364},[362],"dn: ou=users,dc=my-flows,dc=site\nchangetype: modify\nreplace: ou\nou: staff\n",[111,627,625],{"__ignoreMap":109},[43,629,516],{},[43,631,578,632],{},[104,633,635],{"className":106,"code":634,"language":108,"meta":109,"style":109},"ldapmodify -x -D cn=admin,dc=my-flows,dc=site -W -f group_update.ldif\n",[111,636,637],{"__ignoreMap":109},[114,638,639,641,643,645,647,649,651],{"class":116,"line":117},[114,640,588],{"class":120},[114,642,426],{"class":162},[114,644,429],{"class":162},[114,646,432],{"class":124},[114,648,435],{"class":162},[114,650,438],{"class":162},[114,652,615],{"class":124},[372,654,656],{"id":655},"deleting-groups-and-users","Deleting Groups and Users",[40,658,659,683],{},[43,660,661,662],{},"Delete a user from the LDAP directory:",[104,663,665],{"className":106,"code":664,"language":108,"meta":109,"style":109},"ldapdelete -x -D cn=admin,dc=my-flows,dc=site -W \"uid=sumit,ou=users,dc=my-flows,dc=site\"\n",[111,666,667],{"__ignoreMap":109},[114,668,669,672,674,676,678,680],{"class":116,"line":117},[114,670,671],{"class":120},"ldapdelete",[114,673,426],{"class":162},[114,675,429],{"class":162},[114,677,432],{"class":124},[114,679,435],{"class":162},[114,681,682],{"class":124}," \"uid=sumit,ou=users,dc=my-flows,dc=site\"\n",[43,684,685,686],{},"Delete a group from the LDAP directory:",[104,687,689],{"className":106,"code":688,"language":108,"meta":109,"style":109},"ldapdelete -x -D cn=admin,dc=my-flows,dc=site -W \"ou=users,dc=my-flows,dc=site\"\n",[111,690,691],{"__ignoreMap":109},[114,692,693,695,697,699,701,703],{"class":116,"line":117},[114,694,671],{"class":120},[114,696,426],{"class":162},[114,698,429],{"class":162},[114,700,432],{"class":124},[114,702,435],{"class":162},[114,704,705],{"class":124}," \"ou=users,dc=my-flows,dc=site\"\n",[25,707,709],{"id":708},"configuring-and-enabling-sso-in-flowfuse","Configuring and Enabling SSO in FlowFuse",[40,711,712,715],{},[43,713,714],{},"To configure FlowFuse with SSO, make sure you are logged in as an administrator.",[43,716,717],{},"Go to Admin settings by clicking on the profile icon in the top-right corner and then selecting \"Admin settings\".",[10,719,720],{},[201,721],{"alt":722,"src":723,"title":724},"\"Screenshot showing the admin settings option in the profile icon\"","\u002Fblog\u002F2024\u002F07\u002Fimages\u002Fadmin-setting-option.png","Screenshot showing the admin settings option in the profile icon",[40,726,728],{"start":727},3,[43,729,730],{},"Click on \"Settings\" from the left sidebar and switch to the SSO section.",[10,732,733],{},[201,734],{"alt":735,"src":736,"title":737},"\"Screenshot showing the sso section in the admin settings\"","\u002Fblog\u002F2024\u002F07\u002Fimages\u002Fsetting's-sso-setting-section.png","Screenshot showing the sso section in the admin settings",[40,739,740],{"start":459},[43,741,742],{},"Click on the top-right \"Create SSO configuration\".",[10,744,745],{},[201,746],{"alt":747,"src":748,"title":749},"\"Screenshot showing the 'create sso configuration' button\"","\u002Fblog\u002F2024\u002F07\u002Fimages\u002Fcreate-sso-config-button.png","Screenshot showing the 'create sso configuration' button",[40,751,752],{"start":215},[43,753,754,755,758],{},"Enter the name for your configuration, then enter the domain with ",[111,756,757],{},"@"," prefix and select the \"LDAP\" option. Click on the \"Create configuration\" button.",[10,760,761],{},[201,762],{"alt":763,"src":764,"title":765},"\"Screenshot showing the initial form to create ldap sso configuration\"","\u002Fblog\u002F2024\u002F07\u002Fimages\u002Fsso-config-ldap.png","Screenshot showing the initial form to create ldap sso configuration",[40,767,769],{"start":768},6,[43,770,771,772,775],{},"In the next form, in the server field enter ",[111,773,774],{},"your-server-ip:389",". 389 is the default port for LDAP but make sure to check it. If you are going to enable TLS, replace the port with 636.",[10,777,778],{},[201,779],{"alt":780,"src":781,"title":782},"\"Screenshot showing the advance form to create ldap sso configuration\"","\u002Fblog\u002F2024\u002F07\u002Fimages\u002Fldap-advance-config-tag.png","Screenshot showing the advance form to create ldap sso configuration",[40,784,785,788,791,799],{"start":244},[43,786,787],{},"Enter the the bind DN into the username field.",[43,789,790],{},"Enter the password for the LDAP administrator in the password field.",[43,792,793,794,796,797,90],{},"Enter the Base DN. For example, if your domain is ",[111,795,256],{},", the Base DN will be ",[111,798,260],{},[43,800,801],{},"Click on the \"Update configuration\" button.",[25,803,805],{"id":804},"signing-in-using-sso","Signing in Using SSO",[10,807,808,809,90],{},"To sign in using SSO, users of your self-hosted FlowFuse must have a FlowFuse account created with an email ID associated with the domain configured with SSO. For more information, refer to ",[14,810,812],{"href":811},"\u002Fdocs\u002Fadmin\u002Fuser_management\u002F#creating-new-users","creating users in FlowFuse",[40,814,815,818,821],{},[43,816,817],{},"Open your platform in the browser. Enter the username in the username\u002Femail field.",[43,819,820],{},"Click on \"Login\".",[43,822,823],{},"Then enter the password set in the LDAP directory for that user.",[10,825,826],{},[827,828,829],"em",{},"Note: Admin users will still be able to log in with their original FlowFuse username\u002Fpassword - this ensures they don't get locked out of the platform if there is a problem with the SSO configuration",[20,831,833],{"id":832},"conclusion","Conclusion",[10,835,836],{},"In this guide, we covered how to set up SSO with LDAP for your self-hosted FlowFuse platform using OpenLDAP. We installed and configured OpenLDAP, learned to managed groups and users, and configured SSO within FlowFuse. This setup enhances security by centralizing user authentication and simplifies access across applications, ensuring efficient user management in your FlowFuse deployment.",[838,839,840],"style",{},"html pre.shiki code .sScJk, html code.shiki .sScJk{--shiki-default:#6F42C1;--shiki-dark:#B392F0}html pre.shiki code .sZZnC, html code.shiki .sZZnC{--shiki-default:#032F62;--shiki-dark:#9ECBFF}html pre.shiki code .szBVR, html code.shiki .szBVR{--shiki-default:#D73A49;--shiki-dark:#F97583}html pre.shiki code .sVt8B, html code.shiki .sVt8B{--shiki-default:#24292E;--shiki-dark:#E1E4E8}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .sj4cs, html code.shiki .sj4cs{--shiki-default:#005CC5;--shiki-dark:#79B8FF}",{"title":109,"searchDepth":842,"depth":842,"links":843},2,[844,848,854],{"id":22,"depth":842,"text":23,"children":845},[846,847],{"id":27,"depth":727,"text":28},{"id":37,"depth":727,"text":38},{"id":76,"depth":842,"text":77,"children":849},[850,851,852,853],{"id":93,"depth":727,"text":94},{"id":369,"depth":727,"text":370},{"id":708,"depth":727,"text":709},{"id":804,"depth":727,"text":805},{"id":832,"depth":842,"text":833},"A few days ago, we published a blog explaining SSO and how to set up SAML for your self-hosted FlowFuse. Now, in this guide, we will walk you through the process of setting up SSO with LDAP for your self-hosted FlowFuse. We will use OpenLDAP as the provider and cover everything from introducing LDAP, how it works, installing and configuring OpenLDAP, managing users (create, delete, update), and finally setting up FlowFuse for SSO with LDAP.","md",{"navTitle":5,"excerpt":858},{"type":7,"value":859},[860],[10,861,12,862,18],{},[14,863,17],{"href":16},true,"\u002Fblog\u002F2024\u002F07\u002Fhow-to-setup-sso-ldap-for-the-node-red",{"title":5,"description":855},"blog\u002F2024\u002F07\u002Fhow-to-setup-sso-ldap-for-the-node-red","1WqqJm5yrsApetXag9g6ruo5ANgmSi3DLWzRyZf0Xws",1780070552048]